CERT Reports Multiple BIND Vulnerabilities

The CERT Coordination
Center has discovered an error in BIND that could severely affect the
operation of the Internet. Malicious users can exploit these vulnerabilities to
change the operation of Internet addresses.

CERT, an organization at Carnegie
Mellon University, has discovered vulnerabilities in the Berkeley Internet
Name Domain (BIND) server software used to map IP addresses to alphanumeric domain
names. These vulnerabilities could enable unauthorized users to change the way
domain names are mapped, rerouting email, web traffic, and other Internet data.

Each of the four vulnerabilities involve sending garbage
queries to a BIND server. Although the queries are meaningless to BIND, they
must be specially designed to confuse function within the software. When the
queries are repeated, errors such as buffer overflows can result, leaving the
server open to malicious reconfiguration. Another vulnerability reveals
environment variables to the user, giving him information about the server.

CERT says that
most BIND vendors have patches available to guard against these vulnerabilities,
which can be downloaded from the vendor sites. One notable exception is the Internet Software Consortium (ISC), a group that
put out BIND 4, but no longer maintains it. ISC recommends users upgrade their
BIND software to BIND 8.2.3 or BIND 9.1.

BIND servers
are typically deployed on Unix machines, as a gateway to enterprise or
educational networks.